CVE-2026-27785: CWE-798 in Milesight MS-Cxx63-PD
Milesight MS-Cxx63-PD AIOT cameras in specific firmware versions contain hard-coded credentials, which represent a security vulnerability. This issue is tracked as CVE-2026-27785 and is classified under CWE-798. The vulnerability has a high severity rating with a CVSS 4.0 score of 7.7. There is no official patch or remediation level currently indicated by the vendor or advisory. No known exploits in the wild have been reported to date.
AI Analysis
Technical Summary
CVE-2026-27785 identifies a vulnerability in specific firmware versions of the Milesight MS-Cxx63-PD AIOT camera where hard-coded credentials are present. Hard-coded credentials (CWE-798) can allow unauthorized access if discovered by an attacker. The CVSS 4.0 vector indicates the attack vector is adjacent network (AV:A), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and high impact on confidentiality, integrity, and availability (VC:H/VI:H/VA:H). No patch or official remediation guidance has been provided yet.
Potential Impact
The presence of hard-coded credentials in the affected Milesight camera firmware could allow an attacker with network access adjacent to the device to gain unauthorized access without needing privileges or user interaction. This can lead to full compromise of confidentiality, integrity, and availability of the device. However, no known exploits have been reported in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed; check the vendor advisory for current remediation guidance. Until an official fix is released, users should consider limiting network exposure of affected devices and monitoring for any updates from Milesight regarding patches or mitigations. No vendor advisory or official fix is currently available.
CVSS v4.0
Score: 7.7 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: icscert
- Date Reserved: 2026-03-12T17:51:09.903Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69f0134ecbff5d861057a5c3
Added to database: 4/28/2026, 1:54:22 AM
Last enriched: 5/5/2026, 7:38:09 AM
Last updated: 6/12/2026, 12:20:32 PM